
8146 matches found

Tenable Nessus
added 2002/08/18 12:0 a.m. | 16 views

Sendmail RestrictQueueRun Option Debug Mode Information Disclosure

According to the version number of the remote mail server, a local user may be able to obtain the complete mail configuration and other interesting information about the mail queue, even if he is not allowed to access that information directly, by running sendmail -q -d0-nnnn.xxx where nnnn & xxx...

CVSS 2.1 | AI score 5.5 | EPSS 0.00095
Exploits 1 | References 1

CVE
added 2002/06/25 4:0 a.m. | 102 views

CVE-2001-1199

Agora CGI Cross Site Scripting (CVE-2001-1199) affects Agora versions 3.0a–4.0g due to improper input validation in the cart_id parameter when debug mode is on, enabling remote attackers to execute JavaScript in other clients. The vulnerability is documented in multiple sources (e.g., OpenVAS des...

CVSS 7.5 | AI score 6.6 | EPSS 0.04669
Exploits 1 | References 5 | Affected Software 1

Cvelist
added 2002/06/25 4:0 a.m. | 25 views

CVE-2001-1199

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter...

AI score 6.6 | EPSS 0.04669
Exploits 1 | References 5

securityvulns
added 2002/05/23 12:0 a.m. | 40 views

Multiple Vulnerabilities in CISCO VoIP Phones

Abstract: The 7900 line of VoIP phones from Cisco contain remote-accessible code which can be exploited to cause a denial of service, and possibly leak information; the phones are also weak in ways that facilitate man-in-the-middle attacks...

Exploits 0

securityvulns
added 2002/05/23 12:0 a.m. | 42 views

Debploit: Microsoft Windows NT/2000 debug API privilege escalation

By connecting to the LPC port DbgSsApiPort it is possible to obtain a handle to any process or thread for debugging...

AI score 1.6
Exploits 0 | References 3

NVD
added 2002/05/16 4:0 a.m. | 9 views

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

CVSS 5 | AI score 6.6 | EPSS 0.08197
Exploits 0 | References 3

CVE
added 2002/05/03 4:0 a.m. | 45 views

CVE-2002-0215

Agora.cgi versions 3.2r through 4.0 in debug mode disclose the full pathname of the agora.cgi file when a non-existent .html file is requested, enabling remote disclosure of server file paths. This is an information disclosure vulnerability in the web application component. The affected component...

CVSS 5 | AI score 7 | EPSS 0.08197
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2002/05/03 4:0 a.m. | 17 views

CVE-2002-0215

Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers to determine the full pathname of the agora.cgi file by requesting a non-existent .html file, which leaks the pathname in an error message...

AI score 6.6 | EPSS 0.08197
Exploits 0 | References 3

Cvelist
added 2002/03/09 5:0 a.m. | 12 views

CVE-1999-1309

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug -d command line option...

AI score 6.6 | EPSS 0.00116
Exploits 0 | References 7

CVE
added 2002/03/09 5:0 a.m. | 42 views

CVE-1999-1309

The CVE-1999-1309 entry describes a local privilege escalation in Sendmail via a long value in the debug -d option, enabling root access on affected systems. According to connected sources, this affects Sendmail 8.x prior to 8.6.7 (long debug overflow). The underlying issue is a local overflow tr...

CVSS 7.2 | AI score 6.8 | EPSS 0.00116
Exploits 0 | References 7 | Affected Software 1

Exploit DB
added 2002/01/28 12:0 a.m. | 40 views

Agora.CGI 3/4 - Debug Mode Full Path Disclosure

source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi script is stored in. This is possible by making ...

AI score 7.4
Exploits 0

exploitpack
added 2002/01/28 12:0 a.m. | 19 views

Agora.CGI 34 - Debug Mode Full Path Disclosure

Agora.CGI 34 - Debug Mode Full Path Disclosure source: https://www.securityfocus.com/bid/3976/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, it is possible for a remote attacker to display the absolute path to the directory that the agora.cgi...

AI score 7.4
Exploits 0

securityvulns
added 2002/01/22 12:0 a.m. | 20 views

dnrd 2.10 dos

Program: dnrd Version: 2.10 Distro: n/a Problem: There are various problems with dnrd's dns request and reply functions, that cause it to crash. Reproduce: Using two consoles, I did the following Terminal one got: andrewg@blackhole /data/audit/dnrd-2.10/src$ gdb dnrd GNU gdb 5.0rh-5 Red Hat Linux...

AI score 7.1
Exploits 0

Positive Technologies
added 2001/12/17 12:0 a.m. | 2 views

PT-2001-2334 · Agora · Agora

Name of the Vulnerable Software and Affected Versions: Agora versions 3.0a through 4.0g Description: The issue allows remote attackers to execute Javascript on other clients via the cart id parameter in agora.cgi when debug mode is enabled. This occurs because of a cross-site scripting issue...

CVSS 7.5 | AI score 6.3 | EPSS 0.04669
Exploits 1 | References 7

Exploit DB
added 2001/12/17 12:0 a.m. | 44 views

Agora.CGI 3.x/4.0 - Debug Mode Cross-Site Scripting

source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output. Debug mode is not enabled by default and must be...

AI score 7.4
Exploits 0

exploitpack
added 2001/12/17 12:0 a.m. | 9 views

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting

Agora.CGI 3.x4.0 - Debug Mode Cross-Site Scripting source: https://www.securityfocus.com/bid/3702/info Agora.cgi is a freely available, open source shopping cart system. When debug mode is enabled, the Agora.cgi script does not adequately filter HTML tags when debug information is being output...

AI score 6.8
Exploits 0

CERT
added 2001/11/29 12:0 a.m. | 27 views

WU-FTPD configured to use RFC 931 authentication running in debug mode contains format string vulnerability

Overview WU-FTPD contains a format string vulnerability that manifests when WU-FTPD is configured to use RFC 931 authentication and is run in debug mode. A crafted identd response could be used to execute arbitrary code on a vulnerable server. Description A format string vulnerability exists in t...

CVSS 10 | AI score 7.4 | EPSS 0.08925
Exploits 1 | References 3

securityvulns
added 2001/11/15 12:0 a.m. | 26 views

DoS against postfix (memory exhaustion)

Debug information accumulates in memory without limit...

AI score 1
Exploits 0 | References 1

Tenable Nessus
added 2001/11/07 12:0 a.m. | 15 views

ColdFusion Debug Mode Information Disclosure

It is possible to see the ColdFusion debug information by appending '?Mode=debug' at the end of the request. ColdFusion 4.5 and 5.0 are definitely affected, and probably older versions as well. The debug information usually contains sensitive data such as Template Path or Server Version...

AI score 5.5
Exploits 0 | References 1

NVD
added 2001/10/30 5:0 a.m. | 16 views

CVE-2001-0715

Sendmail before 8.12.1, without the RestrictQueueRun option enabled, allows local users to obtain potentially sensitive information about the mail queue by setting debugging flags to enable debug mode...

CVSS 2.1 | AI score 5.7 | EPSS 0.00095
Exploits 1 | References 2